Volker Birk
7e1a2acbf0
|
||
|---|---|---|
| src | ||
| test | ||
| utils | ||
| .gitignore | ||
| LICENSE | ||
| README.md | ||
| format.md | ||
README.md
signedpkg
Signed and encrypted packages for deployment
To create such a package have a look at this script, which uses this Python program to encrypt.
See also the format specification.
How to use this
Signed packages can be used to transport critical data in a secure way. So they can be used for provisioning for users.
Use case: provision for a user
This code fragment shows the idea of how to provision for a user. It case the user was already provisioned this does nothing. In case an error occurs it throws an exception with the error message.
#include <pEp/unpack.hh>
void provision(std::string url)
{
pEp::UpdateClient::product p { "provisioning data", url };
UpdateClient::PublicKey update_key;
UpdateClient::load_key("update_key.der");
CryptoPP::ed25519PublicKey deployment_key;
SignedPackage::LoadPublicKey("deployment_key-pub.der", deployment_key);
CryptoPP::RSA::PrivateKey provisioning_key;
SignedPackage::LoadPrivateKey("provisioning_key.der", provisioning_key);
SignedPackage::provision_user(p, update_key, deployment_key,
provisioning_key);
}
Keys and their meaning
Update key
The Update key is the public key, which identifies the Update server. It guarantees that all downloaded data is coming from authorized source.
It is used for the encryption of the network traffic.
Deployment key
The Deployment key is the public key, with which the downloaded Signed package can be checked if it was created by the authorized factory.
It is used for verification of the Distribution signature.
Provisioning key
The Provisioning key is the private key, which represents the user. The Signed package is encrypted using the Provisioning key, making it impossible for other users to uncover the Provisioning data.